Sneaky password spray attacks are quite effective at being bad
It’s not uncommon to have several different email addresses. Nor is it uncommon to not check every email address every day for security notifications.
Unfortunately, that’s exactly what hackers using Password Spray Attacks are hoping for.
Typically, when users think about the hacking of their account, they believe they’re being targeted and the bad actor trying to get into their account is trying any number of passwords in order to access their specific account.
That’s not the case with Password Spray Attacks, which account for the hacking of more than a third of compromised accounts.
A Password Spray Attack is a very common attack where hackers try a few common passwords against many different accounts from different organizations.
For instance, a bad actor could have a list of 6 user account names from an organization: AaronS, BartG, CathyK, DougF, EvanP and FrancisJ. The hacker then decides to use the common passwords of ‘Password’ and ‘12345’ to try to log into all 6 of these accounts.
Of course, hackers could be using any passwords that they believe are common, so avoiding just those basic passwords isn’t enough to protect an account. Please read our blog on good password practices in order to beef up your existing and future passwords. https://rhynonetworks.com/are-you-following-the-new-password-guidelines/
Hackers don’t bother with small potatoes; they can easily attack many thousands of user accounts per day.
Users whose accounts are attacked may receive an email about a login attempt, but that attack may get lost in the midst of their other daily emails. Since hackers aren’t attacking that one account over and over, any login attempt emails appear few and far between.
The best way to protect yourself is to follow current password guidelines and to avoid common or basic passwords. The longer the password, the better.
As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648